diff --git a/labs/2-Create-Blazor-Frontend/end/eShop.AppHost/eShop.AppHost.csproj b/labs/2-Create-Blazor-Frontend/end/eShop.AppHost/eShop.AppHost.csproj index 12f452e..7858fe0 100644 --- a/labs/2-Create-Blazor-Frontend/end/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/2-Create-Blazor-Frontend/end/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 diff --git a/labs/2-Create-Blazor-Frontend/src/eShop.AppHost/eShop.AppHost.csproj b/labs/2-Create-Blazor-Frontend/src/eShop.AppHost/eShop.AppHost.csproj index f785ca0..94cc40a 100644 --- a/labs/2-Create-Blazor-Frontend/src/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/2-Create-Blazor-Frontend/src/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 diff --git a/labs/3-Add-Identity/README.md b/labs/3-Add-Identity/README.md index c76ebce..b8aa742 100644 --- a/labs/3-Add-Identity/README.md +++ b/labs/3-Add-Identity/README.md 
@@ -37,12 +37,30 @@ You can read more about [selecting an identity management solution for ASP.NET C ![The dashboard showing the logs for the exited 'idp' resource](./img/dashboard-idp-logs-error.png) The logs should indicate that there was an error with the imported client `webapp`, specifically that the URLs/URIs configured are invalid. This is because the `eshop-realm.json` file that was imported contains processing tokens intended to inject values from environment variables which haven't been configured yet. -1. We can use Aspire APIs to extract the runtime-assigned URLs for our `webapp` resource and inject them into the `idp` resource as environment variables using the [`WithEnvironment` method](https://learn.microsoft.com/dotnet/api/aspire.hosting.resourcebuilderextensions.withenvironment?view=dotnet-aspire-8.0), so that the processing tokens in the imported `eshop-realm.json` file will be replaced with valid values. Add the following lines to the `Program.cs` file, after the call defining the `webapp` resource. You will need to modify the `webapp` resource code to capture the resource in a variable named `webApp`: +1. We can use Aspire APIs to extract the runtime-assigned URLs for our `webapp` resource and inject them into the `idp` resource as environment variables using the [`WithEnvironment` method](https://learn.microsoft.com/dotnet/api/aspire.hosting.resourcebuilderextensions.withenvironment?view=dotnet-aspire-8.0), so that the processing tokens in the imported `eshop-realm.json` file will be replaced with valid values. Add the following lines to the `Program.cs` file, after the call defining the `webapp` resource. 
You will need to modify the `webapp` resource code to capture the resource in a variable named `webApp`: ```csharp + + var webApp = builder.AddProject("webapp") + .WithReference(catalogApi) + .WithReference(idp, env: "Identity__ClientSecret"); + // Inject the project URLs for Keycloak realm configuration - idp.WithEnvironment("WEBAPP_HTTP", webApp.GetEndpoint("http")); - idp.WithEnvironment("WEBAPP_HTTPS", webApp.GetEndpoint("https")); + var webAppHttp = webApp.GetEndpoint("http"); + var webAppHttps = webApp.GetEndpoint("https"); + idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST", webAppHttp); + idp.WithEnvironment("WEBAPP_HTTP", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); + if (webAppHttps.Exists) + { + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); + } + else + { + // Still need to set these environment variables so the KeyCloak realm import doesn't fail + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttp); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); + } ``` 1. Run the AppHost project again and verify that the container starts successfully. This can be confirmed by finding the following lines in the container's logs: 
@@ -66,19 +84,18 @@ You can read more about [selecting an identity management solution for ASP.NET C 1. Once signed in, select the **eShop** realm from the drop-down in the top-left corner: - ![Selecting the 'eShop' realm in the Keycloak adminstration console](./img/keycloak-eshop-realm-select.png) + ![Selecting the 'eShop' realm in the Keycloak administration console](./img/keycloak-eshop-realm-select.png) 1. Visit the **Clients** and **Users** pages of the administration console and see that the realm is already configured with a client app named **webapp** and a user named **test@example.com**. Note that the **Home URL** for the **webapp** client matches the endpoint URL of our `WebApp` project as that value was injected by the code we added to the `eShop.AppHost` project: ![Details of the 'webapp' client in the 'eShop' realm in Keycloak](./img/keycloak-eshop-realm-details.png) -1. Now that we've confirmed that our Keycloak instance is successfully configured, update the `Program.cs` file of the AppHost project so that the `webapp` resource references the `idp` Keycloak resource, using the `WithReference` method. This will ensure that the `webapp` resource will have configuration values injected via its environment variables so that it can resovle calls to `http://idp` with the actual address assigned when the project is launched. Additionally, use the `WithLaunchProfile` method to ensure the `webapp` resource is always launched using the `"https"` launch profile (defined in its `Properties/launchSettings.json` file) as OIDC-based authentication flows typically require HTTPS to be used: +1. Now that we've confirmed that our Keycloak instance is successfully configured, update the `Program.cs` file of the AppHost project so that the `webapp` resource references the `idp` Keycloak resource, using the `WithReference` method. 
This will ensure that the `webapp` resource will have configuration values injected via its environment variables so that it can resolve calls to `http://idp` with the actual address assigned when the project is launched: ```csharp - // Force HTTPS profile for web app (required for OIDC operations) - var webApp = builder.AddProject("webapp", launchProfileName: "https") + var webApp = builder.AddProject("webapp") .WithReference(catalogApi) - .WithReference(idp) + .WithReference(idp); ``` 1. Launch the AppHost project again and use the dashboard to verify that the address of the `idp` resource was injected into the `webapp` resource via environment variables: 
@@ -89,25 +106,11 @@ You can read more about [selecting an identity management solution for ASP.NET C Now that our Keycloak instance is setup as an IdP, we can configure the web site to use it for identity and authentication purposes via OpenID Connect. -1. Open the `WebApp` project and reference to the `Microsoft.AspNetCore.Authentication.OpenIdConnect` NuGet package, version `8.0.1`. You can use the `dotnet` CLI, Visual Studio NuGet Package Manager, or just edit the .csproj file manually: +1. Open the `WebApp` project and add a reference to the `Microsoft.AspNetCore.Authentication.OpenIdConnect` NuGet package, version `8.0.1`. You can use the `dotnet` CLI, Visual Studio NuGet Package Manager, or just edit the .csproj file manually: ```xml ``` -1. In the `eShop.ServiceDefaults` project, create a new file called `ClaimsPrincipalExtensions.cs` and add the following extension methods class. These methods will make it easy to retrieve the user ID and name when needed from any of our projects: - - ```csharp - namespace System.Security.Claims; - - public static class ClaimsPrincipalExtensions - { - public static string? GetUserId(this ClaimsPrincipal principal) - => principal.FindFirst("sub")?.Value; - - public static string? GetUserName(this ClaimsPrincipal principal) => - principal.FindFirst(x => x.Type == "name")?.Value; - } - ``` 1. In the `WebApp` project, open the `HostingExtensions.cs` file and add a new field to define a name for the `HttpClient` instance the OIDC code will use: 
@@ -121,7 +124,7 @@ Now that our Keycloak instance is setup as an IdP, we can configure the web site builder.Services.AddHttpClient(OpenIdConnectBackchannel, o => o.BaseAddress = new("http://idp")); ``` -1. In the same file, add the following methods that will configure authentication and authorization services in the application's DI container, and configure the OIDC authentication handler to use our IdP (remember to add any required `using` statements to import namespaces): +1. In the same file, add the following methods that will configure authentication and authorization services in the application's DI container, and configure the OIDC authentication handler to use our IdP (remember to add any required `using` statements to import the `System.Security.Claims` namespace): ```csharp public static void AddAuthenticationServices(this IHostApplicationBuilder builder) @@ -191,7 +194,7 @@ Now that our Keycloak instance is setup as an IdP, we can configure the web site 1. Spend a few minutes reading through the added methods, including navigating to the definition of methods like `GetIdpAuthorityUri` which is defined in the `eShop.ServiceDefaults` project and shows how the OIDC authority URL is constructed from the `HttpClient.BaseAddress` and custom configuration values. Note that this address format is specific to our Keycloak instance and using other IdPs would require modified logic. Notice that there are actually two authentication schemes being configured: - + - Cookies - OpenID Connect 
@@ -203,7 +206,8 @@ Now that our Keycloak instance is setup as an IdP, we can configure the web site ```csharp builder.AddAuthenticationServices(); ``` -1. Open the `LogOutService.cs` file. This file defines a class that will be used to sign a user out when requested or required. Update the `LogOutAsync` method to sign the user out of both configured authentication schemes (cookies and OIDC): + +1. Open the `Services/LogOutService.cs` file. This file defines a class that will be used to sign a user out when requested or required. Update the `LogOutAsync` method to sign the user out of both configured authentication schemes (cookies and OIDC): ```csharp public async Task LogOutAsync(HttpContext httpContext) 
@@ -214,35 +218,16 @@ Now that our Keycloak instance is setup as an IdP, we can configure the web site ``` At this point, all the code required to configure authentication in the app has been added. Now we'll enable UI elements to allow the user to sign in. -1. The project already contains a Razor Component that defines a menu for users including sign in and sign out options. Locate and open the `UserMenu.razor` file and take a momment to read through it, noting the use of the `AuthorizeView` component to display different UI elements depending on whether the user is currently authorized or not. -1. The project also already contains Razor Component pages for signing in and signing out. Open the `LogIn.razor` file and note that there is no UI markup defined here. That's because we're using an IdP and federated authentication so the sign in UI will be owned by the IdP which the application will redirect the user to when they need to sign in. The redirect is automatically instigated by the ASP.NET Core authentication system when this page is navigated to, due to this page being decorated with the `[Authorize]` attribute. +1. The project already contains a Razor Component that defines a menu for users including sign in and sign out options. Locate and open the `Layout/UserMenu.razor` file and take a moment to read through it, noting the use of the `AuthorizeView` component to display different UI elements depending on whether the user is currently authorized or not. +1. The project also already contains Razor Component pages for signing in and signing out. Open the `User/LogIn.razor` file and note that there is no UI markup defined here. That's because we're using an IdP and federated authentication so the sign in UI will be owned by the IdP which the application will redirect the user to when they need to sign in. 
The redirect is automatically instigated by the ASP.NET Core authentication system when this page is navigated to, due to this page being decorated with the `[Authorize]` attribute. There's a helper method defined on this page to construct a URL that can be used to navigate to the page to perform a sign in, with support for various scenarios including redirecting to the original page the user requested that required them to sign in (`ReturnUrl`), preserving the original querystring or not, and forcing the user to re-login for relevant scenarios (we'll explore some of those in a later lab). -1. Open the `HeaderBar.razor` file and uncomment the line that adds the `UserMenu` component to the header navigation bar: +1. Open the `Layout/HeaderBar.razor` file and uncomment the line that adds the `UserMenu` component to the header navigation bar: ```razor ``` -1. Before we can run the site, we need to update its configuration with the client secret required to authenticate itself to the IdP. A client secret is like a password, used by an IdP client (in this case, our web site) to authenticate itself as a known client that can perform protected operations against the IdP, like signing a user in. Alternate authentication methods like certificates are also commonly used. - - The client secret we need is in the `eshop-realm.json` file that is imported into our Keycloak instance every time it starts up. Open this file and search for the value `"clientAuthenticatorType" : "client-secret"`. The instance we need is defined on the object that represents the client app registration for the `webapp` client (it should be on or abouts line 649). Under this line you will see the secret value defined: - - ```json - "clientAuthenticatorType" : "client-secret", - "secret" : "...", - ``` - - Copy the secret value to the clipboard for the next step. -1. 
Set a user secret value for the `WebApp` project with the name `Identity:ClientSecret` and the secret value you copied from the realm JSON file. You can use the [`dotnet user-secrets` command-line tool](https://learn.microsoft.com/aspnet/core/security/app-secrets#set-a-secret) to do this, or right-mouse click on the project in Visual Studio and select **Manage User Secrets** to open the user secrets JSON file and add it directly, e.g.: - - ```json - { - "Identity:ClientSecret": "..." - } - ``` - - > Note that all the `WebApp` projects in the various labs share the same [user secrets ID](https://learn.microsoft.com/aspnet/core/security/app-secrets#enable-secret-storage), so you should only need to set this value once. 1. Launch the AppHost project and navigate to the home page of the web site. There should now be a user menu icon displayed in the top right-hand corner of the page: ![eShop web site user menu icon](./img/eshop-web-usermenu-icon.png) @@ -266,4 +251,4 @@ Now that our Keycloak instance is setup as an IdP, we can configure the web site ![Browser developer tools in Edge showing the trace of network requests that occur when signing-in to the site](./img/browser-dev-tools-network-signin-flow.png) - You can read more about the authentication flow occuring here in the [Keycloak documentation](https://www.keycloak.org/docs/latest/securing_apps/#authorization-code). + You can read more about the authentication flow occurring here in the [Keycloak documentation](https://www.keycloak.org/docs/latest/securing_apps/#authorization-code). diff --git a/labs/3-Add-Identity/end/Keycloak/data/import/eshop-realm.json b/labs/3-Add-Identity/end/Keycloak/data/import/eshop-realm.json index 4b4ff55..349ae7c 100644 --- a/labs/3-Add-Identity/end/Keycloak/data/import/eshop-realm.json +++ b/labs/3-Add-Identity/end/Keycloak/data/import/eshop-realm.json 
@@ -647,7 +647,7 @@ "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "secret" : "dAayhA7hWQFrNpKJvskRodHSDuf1burR", + "secret" : "${WEBAPP_CLIENT_SECRET}", "redirectUris": [ "${WEBAPP_HTTP}/*", "${WEBAPP_HTTPS}/*" ], "webOrigins": [ "${WEBAPP_HTTPS}", "${WEBAPP_HTTP}" ], "notBefore" : 0, diff --git a/labs/3-Add-Identity/end/eShop.AppHost/Program.cs b/labs/3-Add-Identity/end/eShop.AppHost/Program.cs index 713e092..3e2000f 100644 --- a/labs/3-Add-Identity/end/eShop.AppHost/Program.cs +++ b/labs/3-Add-Identity/end/eShop.AppHost/Program.cs 
@@ -26,17 +26,26 @@ // Apps // Force HTTPS profile for web app (required for OIDC operations) -var webApp = builder.AddProject("webapp", launchProfileName: "https") +var webApp = builder.AddProject("webapp") .WithReference(catalogApi) - .WithReference(idp); + .WithReference(idp, env: "Identity__ClientSecret"); // Inject the project URLs for Keycloak realm configuration var webAppHttp = webApp.GetEndpoint("http"); var webAppHttps = webApp.GetEndpoint("https"); idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST", webAppHttp); -idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); idp.WithEnvironment("WEBAPP_HTTP", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); -idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +if (webAppHttps.Exists) +{ + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +} +else +{ + // Still need to set these environment variables so the KeyCloak realm import doesn't fail + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttp); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); +} // Inject assigned URLs for Catalog API catalogApi.WithEnvironment("CatalogOptions__PicBaseAddress", catalogApi.GetEndpoint("http")); diff --git a/labs/3-Add-Identity/end/eShop.AppHost/eShop.AppHost.csproj b/labs/3-Add-Identity/end/eShop.AppHost/eShop.AppHost.csproj index 12f452e..7858fe0 100644 --- a/labs/3-Add-Identity/end/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/3-Add-Identity/end/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 diff --git a/labs/3-Add-Identity/src/Keycloak/data/import/eshop-realm.json b/labs/3-Add-Identity/src/Keycloak/data/import/eshop-realm.json index 68ecb7e..51d21c1 100644 
--- a/labs/3-Add-Identity/src/Keycloak/data/import/eshop-realm.json +++ b/labs/3-Add-Identity/src/Keycloak/data/import/eshop-realm.json 
@@ -1,1944 +1,2121 @@ { - "id" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", - "realm" : "eShop", - "displayName" : "", - "displayNameHtml" : "", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : true, - "registrationEmailAsUsername" : true, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "fbab7668-d3db-44d7-9c41-f54ef80d1f60", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", - "attributes" : { } - }, { - "id" : "843ea8cf-34fa-4e7d-a28a-181252a553aa", - "name" : "offline_access", - "description" 
: "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", - "attributes" : { } - }, { - "id" : "b2fa8449-be5e-4cde-8771-74e028be70ea", - "name" : "default-roles-eshop", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "view-profile", "manage-account" ] + "id": "e3a46e00-f700-4eaa-b1d3-6aad1045be73", + "realm": "eShop", + "displayName": "", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": true, + "registrationEmailAsUsername": true, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + 
"roles": { + "realm": [ + { + "id": "fbab7668-d3db-44d7-9c41-f54ef80d1f60", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "e3a46e00-f700-4eaa-b1d3-6aad1045be73", + "attributes": {} + }, + { + "id": "843ea8cf-34fa-4e7d-a28a-181252a553aa", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "e3a46e00-f700-4eaa-b1d3-6aad1045be73", + "attributes": {} + }, + { + "id": "b2fa8449-be5e-4cde-8771-74e028be70ea", + "name": "default-roles-eshop", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ "offline_access", "uma_authorization" ], + "client": { + "account": [ "view-profile", "manage-account" ] + } + }, + "clientRole": false, + "containerId": "e3a46e00-f700-4eaa-b1d3-6aad1045be73", + "attributes": {} + } + ], + "client": { + "webapp": [ + { + "id": "7139816d-84aa-427a-b7ca-b020e9b8b6e5", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "cc5ff175-d0b3-4759-8b01-49e60dfa9269", + "attributes": {} + } + ], + "realm-management": [ + { + "id": "8175000f-6ed7-4854-8d33-0aefdb634d37", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "18ef8a22-f1d4-43e2-aea8-56e464fdcbc1", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ "query-groups", "query-users" ] + } + }, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "34eeeecc-6e38-4fa7-9b9a-5396984beb70", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + 
"attributes": {} + }, + { + "id": "1b982c51-ce1d-458a-8f87-dc473dee86c8", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "740a92df-796f-4b13-80f1-5d8ddc1234fa", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "000b2e2a-4eb2-4d43-b759-1aae49784d41", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "daa9c3f8-37b1-4e75-a0b6-714fbc255e7a", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "f3ca11fc-8037-495a-be86-6b0edde4158a", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "4af47186-68b1-4629-8189-ccf2893a5986", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "30eaf565-6c5e-4173-bed9-66bd676838c5", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "74c174ee-9aad-442a-9497-76aec3ab0c4f", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": 
"a16beadc-0c9c-4cbe-a31b-a6b33f8a74c0", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "1dc381e7-0e24-44d7-92e4-d8edc8892ba3", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "7389a745-41fe-4c87-bbd8-b6751e41cb0d", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "dfcb55ac-6048-4633-8390-76a92dc01ff8", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "1a7f77d3-ad95-402b-a13a-e99290b120cc", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "86f91729-f0a4-474a-828a-783acaa70ee6", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "7e77d988-3a49-4f94-b770-36717a3a67a0", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ "manage-users", "view-users", "query-clients", "create-client", "view-realm", "query-realms", "view-events", "query-users", "manage-clients", "manage-authorization", "manage-realm", "view-identity-providers", "manage-events", "manage-identity-providers", "view-authorization", 
"impersonation", "view-clients", "query-groups" ] + } + }, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + }, + { + "id": "447bd792-fbfa-4a8d-bbfb-9c8c4fa55bbe", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ "query-clients" ] + } + }, + "clientRole": true, + "containerId": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "4976b16a-a2e9-4738-b2dc-0e7a28679300", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "1790c30e-7010-4d4f-bc3b-181a65868873", + "attributes": {} + } + ], + "account": [ + { + "id": "e39429fa-1cec-4595-908d-e0c53e9f9c6c", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "61c7e1eb-6fe7-4cf5-9538-4975f4c0321c", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "d3d3938b-9c19-4261-9105-c77426dcf984", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "de1829b1-0c28-4ef2-b6d6-59d412086da6", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "9a4e43f4-28fe-4182-a916-8b0270dbd5c6", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + 
"composites": { + "client": { + "account": [ "view-consent" ] + } + }, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "7d24e973-1015-4b85-9246-aaa0fc8ef71e", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "8f10d2cc-ccdf-41f0-b5f2-2c1226b2e182", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + }, + { + "id": "4497bf44-3add-482d-b081-ce0c8e2c4d55", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ "manage-account-links" ] + } + }, + "clientRole": true, + "containerId": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "b2fa8449-be5e-4cde-8771-74e028be70ea", + "name": "default-roles-eshop", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "e3a46e00-f700-4eaa-b1d3-6aad1045be73" + }, + "requiredCredentials": [ "password" ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ "ES256" ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + 
"webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256" ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], + "users": [ + { + "id": "dacfbd28-991c-43d8-bd9a-36e73095fd73", + "createdTimestamp": 1705700546001, + "username": "service-account-webapp", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "webapp", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ "default-roles-eshop" ], + "clientRoles": { + "webapp": [ "uma_protection" ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "179dc1ef-e1ea-4488-95d8-25966c51dbe7", + "createdTimestamp": 1706043756945, + "username": "test@example.com", + "enabled": true, + "totp": false, + "emailVerified": true, + "firstName": "Test", + "lastName": "User", + "email": "test@example.com", + "credentials": [ + { + "id": "b3303049-ca64-4b2e-8e54-f8ba68cb1dd3", + "type": "password", + "userLabel": "My password", + "createdDate": 1706043767385, + "secretData": "{\"value\":\"yiJD8l5ry2Cod9AUvrkku/W/dYpJrRP3e7AYKw+zFpE=\",\"salt\":\"EJ6jMyRlQOGqUmWDq493qw==\",\"additionalParameters\":{}}", + "credentialData": 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ "default-roles-eshop" ], + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ "offline_access" ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ "manage-account", "view-groups" ] + } + ] + }, + "clients": [ + { + "id": "82385f82-f986-49fe-a512-5a8ea45f09ee", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/eShop/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ "/realms/eShop/account/*" ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "d84cf061-eeeb-4675-b0d0-5cd609bc44c6", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/eShop/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ "/realms/eShop/account/*" ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": 
true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "6abcbb09-2122-4bbb-91f4-4c61c8abff65", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "f63db859-cf66-42f4-9ce0-1d40ca5c922c", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "1790c30e-7010-4d4f-bc3b-181a65868873", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + 
"webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "e6a9aea6-f8d4-40f6-a832-6537fce8791e", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/eShop/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ "/admin/eShop/console/*" ], + "webOrigins": [ "+" ], + 
"notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "ad67051f-d487-417e-9375-f6563ee86ddf", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, + { + "id": "cc5ff175-d0b3-4759-8b01-49e60dfa9269", + "clientId": "webapp", + "name": "eShop Web Frontend", + "description": "The frontend web site of the eShop system.", + "rootUrl": "${WEBAPP_HTTP}", + "adminUrl": "${WEBAPP_HTTP}", + "baseUrl": "${WEBAPP_HTTP}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "${WEBAPP_CLIENT_SECRET}", + "redirectUris": [ "${WEBAPP_HTTP}/*", "${WEBAPP_HTTPS}/*" ], + "webOrigins": [ "${WEBAPP_HTTPS}", "${WEBAPP_HTTP}" ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + 
"oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1705700546", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "46526429-fa70-4518-9512-089a9830f179", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "9eee2065-3d31-4621-be61-b83f05f2c113", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "4951c816-a177-4193-b714-585b0bb23ab5", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] + } + ], + "clientScopes": [ 
+ { + "id": "4d6f4264-5a7e-4d41-894c-6b721f14fd1f", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "c5d42bda-8b7c-4da7-9ef7-e27b8c5078c6", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } } + ] + }, + { + "id": "bbb1ecc5-64ba-4013-a020-49b0a9059bb2", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1230fed0-b7d3-4868-b286-cd25b8158c83", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] + }, + { + "id": "5ad804f6-d175-4b97-81dd-b9091071b9e4", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" }, - "clientRole" : false, - "containerId" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", - "attributes" : { 
} - } ], - "client" : { - "webapp" : [ { - "id" : "7139816d-84aa-427a-b7ca-b020e9b8b6e5", - "name" : "uma_protection", - "composite" : false, - "clientRole" : true, - "containerId" : "cc5ff175-d0b3-4759-8b01-49e60dfa9269", - "attributes" : { } - } ], - "realm-management" : [ { - "id" : "8175000f-6ed7-4854-8d33-0aefdb634d37", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "18ef8a22-f1d4-43e2-aea8-56e464fdcbc1", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-groups", "query-users" ] + "protocolMappers": [ + { + "id": "f28975dc-48c3-463f-aa6a-e999945d4566", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "d50e7819-b86f-4a84-a8d2-262898f2d672", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "c217f089-d24b-44b0-98b6-6303245f8522", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + 
"id": "d89fa246-7ba8-45f8-b939-c6d7356a5023", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "2954c68d-8cc5-47bb-a9ef-d333dfcf3c77", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "184dd52a-5636-41fe-85fa-af2da1f7f6b7", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "59aa61dd-72ff-4704-9325-11f6ba53851f", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "fad20c96-7d8a-463a-8f6a-727773944804", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": 
"c03a7a4c-b782-46ae-a8ec-9b91025d839d", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "a0d80a57-d8fa-43ee-82de-767206df9d6b", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" } }, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "34eeeecc-6e38-4fa7-9b9a-5396984beb70", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "1b982c51-ce1d-458a-8f87-dc473dee86c8", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "740a92df-796f-4b13-80f1-5d8ddc1234fa", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "000b2e2a-4eb2-4d43-b759-1aae49784d41", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "daa9c3f8-37b1-4e75-a0b6-714fbc255e7a", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - 
"clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "f3ca11fc-8037-495a-be86-6b0edde4158a", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "4af47186-68b1-4629-8189-ccf2893a5986", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "30eaf565-6c5e-4173-bed9-66bd676838c5", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "74c174ee-9aad-442a-9497-76aec3ab0c4f", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "a16beadc-0c9c-4cbe-a31b-a6b33f8a74c0", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "1dc381e7-0e24-44d7-92e4-d8edc8892ba3", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "7389a745-41fe-4c87-bbd8-b6751e41cb0d", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "dfcb55ac-6048-4633-8390-76a92dc01ff8", - "name" : 
"view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "1a7f77d3-ad95-402b-a13a-e99290b120cc", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "86f91729-f0a4-474a-828a-783acaa70ee6", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "7e77d988-3a49-4f94-b770-36717a3a67a0", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "manage-users", "view-users", "query-clients", "create-client", "view-realm", "query-realms", "view-events", "query-users", "manage-clients", "manage-authorization", "manage-realm", "view-identity-providers", "manage-events", "manage-identity-providers", "view-authorization", "impersonation", "view-clients", "query-groups" ] + { + "id": "3fd24bf3-12c3-4cf7-9d94-28062fd680d9", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" } }, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - }, { - "id" : "447bd792-fbfa-4a8d-bbfb-9c8c4fa55bbe", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] + { + 
"id": "a19b2bf4-72bb-4f1a-bebb-527e31e9b8b5", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" } }, - "clientRole" : true, - "containerId" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "attributes" : { } - } ], - "security-admin-console" : [ ], - "orderingswaggerui" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "4976b16a-a2e9-4738-b2dc-0e7a28679300", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "1790c30e-7010-4d4f-bc3b-181a65868873", - "attributes" : { } - } ], - "account" : [ { - "id" : "e39429fa-1cec-4595-908d-e0c53e9f9c6c", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "attributes" : { } - }, { - "id" : "61c7e1eb-6fe7-4cf5-9538-4975f4c0321c", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "attributes" : { } - }, { - "id" : "d3d3938b-9c19-4261-9105-c77426dcf984", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "attributes" : { } - }, { - "id" : "de1829b1-0c28-4ef2-b6d6-59d412086da6", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "attributes" : { } - }, { - "id" : 
"9a4e43f4-28fe-4182-a916-8b0270dbd5c6", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] + { + "id": "bf4408ed-ce03-4f80-9692-d60ef65273c3", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" } }, - "clientRole" : true, - "containerId" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "attributes" : { } - }, { - "id" : "7d24e973-1015-4b85-9246-aaa0fc8ef71e", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "attributes" : { } - }, { - "id" : "8f10d2cc-ccdf-41f0-b5f2-2c1226b2e182", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "attributes" : { } - }, { - "id" : "4497bf44-3add-482d-b081-ce0c8e2c4d55", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] + { + "id": "8889c81d-8b9b-4a2d-8a1b-d1c6c10e8c84", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" } }, - "clientRole" : true, - "containerId" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "attributes" : { } - } ] + { + 
"id": "fb83d607-738b-41d6-9c8f-d08071d11464", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "3df5bab8-69b4-44f6-befb-d4001916ddd4", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "5ae11355-d1be-44cd-b2d8-2537a1e5e984", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "ae4e1524-c240-4772-a91d-72de9f0b82ed", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "a186371f-41c6-4ee5-9865-b33d4ec4d6ae", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + 
"userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "9680ed4a-bd76-45ea-975f-b4823f4ea8ea", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "8d6bc914-cece-48aa-a526-a81ed35fcc31", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "fef101d5-9102-43b8-9637-305a855b71f0", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "8f8a54b6-84d9-40ca-9c07-7ce88984fc94", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + }, + { + "id": "56f89059-4148-4da4-93b9-1bbc6ac46582", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": 
"oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "f7236b18-36b1-4399-9c97-ddf91eba416c", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0a990de4-2a3e-4f1e-99d4-bcb537a3f075", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "349bab94-cc2b-4eb7-ac79-feff39fedb23", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "b2b378a9-9281-425e-a999-8dd83c13c2a3", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "b415ee06-6f2b-445e-b199-4d2a2922517f", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "1a2dc2f6-541a-4193-98e4-e5fade1d5aa1", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + 
"display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "55dca1fe-9de3-424e-9436-0b14f467278a", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "33d86ba4-b262-4ce2-a799-46295ad42e4b", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] } + ], + "defaultDefaultClientScopes": [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes": [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "groups" : [ ], - "defaultRole" : { - "id" : "b2fa8449-be5e-4cde-8771-74e028be70ea", - "name" : "default-roles-eshop", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73" + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ "jboss-logging" ], + "enabledEventTypes": [], + 
"adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "d76d70d8-c946-40ef-bc18-3ca80ea8b781", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper" ] + } + }, + { + "id": "401f7a9a-dd5e-488c-b0a5-54c57eda7c20", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ "200" ] + } + }, + { + "id": "a4f879fb-d9dc-44ff-b1c9-4d8348661e0f", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper" ] + } + }, + { + "id": "ab7c9148-c423-4d14-bbba-855f66b42f0b", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ "true" ] + } + }, + { + "id": "ab28a974-5033-4cfb-afc5-4d97eaa77d60", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c9ef1ede-c8c2-4e8e-b642-9c9e845e2934", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": 
{}, + "config": {} + }, + { + "id": "09209618-692e-4096-95a2-4a05fbe1e9b7", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ "true" ], + "client-uris-must-match": [ "true" ] + } + }, + { + "id": "926a494c-2953-4438-ad8d-317e8bf3295a", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ "true" ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "333de0f6-bb1c-4238-a1dd-e43b65a09581", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": [ "ec612b91-0743-4a46-ae8c-33eac6d2789e" ], + "secret": [ "nFxwBormOnVZmZD-ke6celfilCz3_8FH2aJjkAcrjD2Mf2bCToWHfw9UotBDSVAvzFSe48xsFQPcH0RhJuXy5Q" ], + "priority": [ "100" ], + "algorithm": [ "HS256" ] + } + }, + { + "id": "8885abef-6d08-4b9a-86b1-58700debad31", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": [ "212a094b-5982-4d80-abc1-3ab1c01c9e7a" ], + "secret": [ "-lwEU7xr0Fwvf98NT2hpIw" ], + "priority": [ "100" ] + } + }, + { + "id": "b7928cd4-b13c-4f0b-a074-bee92efdc238", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "privateKey": [ 
"MIIEpAIBAAKCAQEA2PKapA1XrBh4GY3LMzGRJUeLzna0K11I5/3MIOnTnkXW2LLOXdn2GnM1rahPmB4/YRHPoOelbKaD5RPu1gpFy7HWpayy6539cjVMB3vG6mAC/nESXB6TIoLe7rbOILSCvmOef/FwkenCco2xEsLTW5XzCgJUE83TtEa3mq9+1ZNNinDXI67UaovaJpdHt08i2RS8fs/5mzVUZTSppUbI4j/SW4cF9iho3RvwTjpMZhUS3tLZYWBiluPdIRTy/Ktg697rzdJ5N0CtM/kEnTM84CxiD6HMMkRRDROI+R9HbkOB4W51Z9oie/IVZiRIyTZFNAE/ZRBuYxx3O+13QYP1UQIDAQABAoIBAAF2JO+M/XW11n1JlMBcCZ/IKxtxdkZCgx64+XqRSLEsxEVCcxxzvvIvq4FnfF3IemHThmQNm3Ivbv0IlNfRSuYT5R/JmYz3zADMdh4oyc7DZdHD/j0roY8edZUDG0FiJe1Va3huLnV1Ly+pX7OCJ31a9b+wA1P803vH7C25F/AlYjeJpMnJ1w3lUGe0DKx30ktmP0ydCsp68Fyizw8o8wjHZwDvbMQhAS2vCVFSMub/4vKTxt96DSb2ePqRtnaCVhjjkdLs/SgUSuIcDDV8fhcH7uViR2zpGIS2wTTObWoYwSwDd/tINkdIvTzq3zvVfYi61Wjrkvrq0BhHW8/5aykCgYEA85BPInjB3Ve//snq5exzuZSNmQuUOuT4QojDGbd5A4SwkM2V+PgB0SD4hgts3tJcTVWJSJb/w4K0vwyZrN08n9CB2NfQw+VRVgtAHlyQPVSSdP+7j3bbZPgaMHKb5o/xP70Ahiz4gNHv/vdNB+Hfd/J7r8JHi2hyOSvFtkr19/0CgYEA5AZjnmIUxoUZ9gZNpjQZ4b8j3tHW6HKNwmEg2eB2ZGZLQDLyrGsBA8QhrLxFCSZBEKWRyONav4qwdL35Xu1ki6GAB/JYowP5zKI9NWGSI3taL49c7OTbMTGEjdXfvC3zlqTIZICj1+GppiSOr4ix6dSWld3wFW4saOsSiWUroOUCgYEAiKCL859fyKU/u1JTJVUleZXedFqtdPgaV2BWaSelh5a4YRIiLb4ZbtGa976S/M9uHad80i56HJdGguEzl2enaVLSc+xkXG9X1/eJqT5tXyoA2gbWlNysp5ARSNoRoB1gzEtebuXtJH4frZvWJzTKYYOxZF+MOKSHZpCqYN7d6ZUCgYAxjJXfF88N6GRgyrPa1t186Y0A4TZC4omdYH/D+Huhi3z0oV2MS+A3kkoDABI8T7y5wlCwh37zuk5nv9RNZWaA1QI+N9I88iM47VRBokcgQLCzPwLhU0WyJeF49K2edZnF9V66QB3aTmYP/UeoKxsGBbUHMef2sC8kSViI1JwrZQKBgQCNc4OuZXq6AFe4q2QAnQh4hNW1hOqDD+q4PB2SJw8JKJINUVwa9JnuheTPuItAdfbdlJzMUKNk39UF/XIBX8+vcvqMdjsHqPlsSpPWGiGn6OvPWohi2Jfmubr1/+o1Y373e4dSRXTsLROQDI0fPe5DeJjQ32J4+LxPg6PMJxQCGg==" ], + "keyUse": [ "ENC" ], + "certificate": [ "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" ], + "priority": [ "100" ], + "algorithm": [ "RSA-OAEP" ] + } + }, + { + "id": "52e8f54c-3d85-4ab5-8e9b-c9b231f724dc", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ "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" ], + 
"keyUse": [ "SIG" ], + "certificate": [ "MIICmTCCAYECBgGNI6tOdDANBgkqhkiG9w0BAQsFADAQMQ4wDAYDVQQDDAVlU2hvcDAeFw0yNDAxMTkyMTM5MDVaFw0zNDAxMTkyMTQwNDVaMBAxDjAMBgNVBAMMBWVTaG9wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxedua4Y0OZp7ioKJlP/YRrz6Ynv+WJGHcf5n1G7g/rOZoHNIUvz5f3QV+p7+4uXLIwSMvVGmWEuGeo9TVa6kJZP1k1zTVigwa6Fimh1pUnMkYkAAV7nMGpbYDWqP0+6rwYEm7U8TE4YIWa6jYOmoG9n3s42PpMc0EXldI3dCFLkcjmQjPn2lUZIt6TZ7zC8opJKBywIqPWHI3hu3lri/5cPyaloyXBW0c8ydSd3dzhxM8D8EOWaOfTZ/PslVlOsFzJGgTKhB8uw+qP++hIvdIZfsS2texmO37n1O+6LU2DfKKeb8jqkGwWjqGAZywgq2Mg1qtLXEjjKboxUC2dJbewIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBwhFqzlIdo0Cwro0Ax0dJlSmaL3DpVsg28FPTyJohA/63mv1S/J7FjRdxJavc0qIFZiDAaNorQF1JlzJFioW2XJpK8vHzlaYsKXnX6Q2B8V1IlRLHsoWRGrDi5WdxQniETyIRI1jaSq3vqe5kaiNo8YeWD3MkLSa29aIDqmGAV5pr/Pg8NApBptDLQ1wT9ZjvLzZ8Qby0Q91gSyEvzqzMAaRcjMh95dAUljkpP7axBABQl83jIf6EWh2mW4vfvCkLCjUIaAZDD+iA04rO433yrRvZI2Hh1BBuZi/ISLPkgesGm4jj2xbhKNY1yfCgwy8grcBjhB5kFYVbe1DvLcIJI" ], + "priority": [ "100" ] + } + } + ] }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], - "localizationTexts" : { }, - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyExtraOrigins" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - 
"webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessExtraOrigins" : [ ], - "users" : [ { - "id" : "dacfbd28-991c-43d8-bd9a-36e73095fd73", - "createdTimestamp" : 1705700546001, - "username" : "service-account-webapp", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "webapp", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-eshop" ], - "clientRoles" : { - "webapp" : [ "uma_protection" ] + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "e96cceac-cf11-4d11-9e88-0aec7405aa8e", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "179dc1ef-e1ea-4488-95d8-25966c51dbe7", - "createdTimestamp" : 1706043756945, - "username" : "test@example.com", - 
"enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Test", - "lastName" : "User", - "email" : "test@example.com", - "credentials" : [ { - "id" : "b3303049-ca64-4b2e-8e54-f8ba68cb1dd3", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1706043767385, - "secretData" : "{\"value\":\"yiJD8l5ry2Cod9AUvrkku/W/dYpJrRP3e7AYKw+zFpE=\",\"salt\":\"EJ6jMyRlQOGqUmWDq493qw==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-eshop" ], - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "82385f82-f986-49fe-a512-5a8ea45f09ee", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/eShop/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/eShop/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" + { + "id": "e283ea4e-cefe-45e0-8063-38a50e8f5ac9", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + 
"authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "d84cf061-eeeb-4675-b0d0-5cd609bc44c6", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/eShop/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/eShop/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" + { + "id": "0effd347-2f02-4f54-bec1-d61640f78411", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + 
"authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "6abcbb09-2122-4bbb-91f4-4c61c8abff65", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "f63db859-cf66-42f4-9ce0-1d40ca5c922c", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" + { + "id": "560c1aae-603f-43a2-a282-3b26e34ca7da", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - 
"authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "1790c30e-7010-4d4f-bc3b-181a65868873", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" + { + "id": "e89c4fb9-7cb9-4a5e-9ca0-d615e3963a99", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "6bbe9167-4ac5-49e3-a0ea-06fa6b9fe56c", - "clientId" : "orderingswaggerui", 
- "name" : "Ordering Swagger UI", - "description" : "", - "rootUrl" : "${ORDERINGAPI_HTTP}", - "adminUrl" : "${ORDERINGAPI_HTTP}", - "baseUrl" : "${ORDERINGAPI_HTTP}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "${ORDERINGAPI_HTTP}/*" ], - "webOrigins" : [ "${ORDERINGAPI_HTTP}" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : true, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "oidc.ciba.grant.enabled" : "false", - "post.logout.redirect.uris" : "+", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "backchannel.logout.revoke.offline.tokens" : "false" + { + "id": "476f2bb6-dff6-4a7e-ad8f-0aa5672ea776", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "348d0c1d-6d87-4975-b5b1-d3f7ca245cd0", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" + { + "id": "43cfa637-9f21-4fbf-8387-0b0535517820", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": 
true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "e6a9aea6-f8d4-40f6-a832-6537fce8791e", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/eShop/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/eShop/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" + { + "id": "2534f882-aff2-4827-ab22-a71800060e1f", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - 
"fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "ad67051f-d487-417e-9375-f6563ee86ddf", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "cc5ff175-d0b3-4759-8b01-49e60dfa9269", - "clientId" : "webapp", - "name" : "eShop Web Frontend", - "description" : "The frontend web site of the eShop system.", - "rootUrl": "${WEBAPP_HTTPS}", - "adminUrl": "${WEBAPP_HTTPS_CONTAINERHOST}", - "baseUrl": "${WEBAPP_HTTPS}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "dAayhA7hWQFrNpKJvskRodHSDuf1burR", - "redirectUris": [ "${WEBAPP_HTTP}/*", "${WEBAPP_HTTPS}/*" ], - "webOrigins": [ "${WEBAPP_HTTPS}", "${WEBAPP_HTTP}" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "openid-connect", - "attributes" : { - "oidc.ciba.grant.enabled" : "false", - "client.secret.creation.time" : "1705700546", - "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "+", - "oauth2.device.authorization.grant.enabled" : "false", - "display.on.consent.screen" : "false", - "backchannel.logout.revoke.offline.tokens" : "false" + { + "id": "ed2d0ead-7b18-45c2-a0ab-298b355d02c7", + 
"alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "46526429-fa70-4518-9512-089a9830f179", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "9eee2065-3d31-4621-be61-b83f05f2c113", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "client_id", - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "client_id", - "jsonType.label" : "String" - } - }, { - "id" : "4951c816-a177-4193-b714-585b0bb23ab5", - 
"name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "4d6f4264-5a7e-4d41-894c-6b721f14fd1f", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" + { + "id": "b33f293a-4f51-4d38-ab7f-543ed1dc71bf", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "c5d42bda-8b7c-4da7-9ef7-e27b8c5078c6", - "name" : "address", - 
"protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "introspection.token.claim" : "true", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "bbb1ecc5-64ba-4013-a020-49b0a9059bb2", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" + { + "id": "fe59c24c-7322-4e67-9e82-be0023ab2889", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "1230fed0-b7d3-4868-b286-cd25b8158c83", - "name" : "acr loa level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - 
"userinfo.token.claim" : "true" - } - } ] - }, { - "id" : "5ad804f6-d175-4b97-81dd-b9091071b9e4", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" + { + "id": "9bb58e30-8fa6-4ea0-9065-ce61c02ba00d", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "f28975dc-48c3-463f-aa6a-e999945d4566", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "d50e7819-b86f-4a84-a8d2-262898f2d672", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "c217f089-d24b-44b0-98b6-6303245f8522", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" 
: "true", - "display.on.consent.screen" : "false" + { + "id": "42f4d6fb-7a7d-45bc-97be-5a0948d88945", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "d89fa246-7ba8-45f8-b939-c6d7356a5023", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - }, { - "id" : "2954c68d-8cc5-47bb-a9ef-d333dfcf3c77", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "184dd52a-5636-41fe-85fa-af2da1f7f6b7", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - 
"display.on.consent.screen" : "true" - } - }, { - "id" : "59aa61dd-72ff-4704-9325-11f6ba53851f", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" + { + "id": "4d3d0525-0333-43e8-be62-8fec05753aa3", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "fad20c96-7d8a-463a-8f6a-727773944804", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "c03a7a4c-b782-46ae-a8ec-9b91025d839d", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "a0d80a57-d8fa-43ee-82de-767206df9d6b", - "name" : "full name", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "introspection.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "3fd24bf3-12c3-4cf7-9d94-28062fd680d9", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "a19b2bf4-72bb-4f1a-bebb-527e31e9b8b5", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "bf4408ed-ce03-4f80-9692-d60ef65273c3", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "8889c81d-8b9b-4a2d-8a1b-d1c6c10e8c84", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : 
"updated_at", - "jsonType.label" : "long" - } - }, { - "id" : "fb83d607-738b-41d6-9c8f-d08071d11464", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "3df5bab8-69b4-44f6-befb-d4001916ddd4", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "5ae11355-d1be-44cd-b2d8-2537a1e5e984", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "ae4e1524-c240-4772-a91d-72de9f0b82ed", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "a186371f-41c6-4ee5-9865-b33d4ec4d6ae", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", 
- "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "9680ed4a-bd76-45ea-975f-b4823f4ea8ea", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "8d6bc914-cece-48aa-a526-a81ed35fcc31", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "fef101d5-9102-43b8-9637-305a855b71f0", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" + { + "id": "72715113-db54-4ba0-89c0-85422e552a58", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : 
"8f8a54b6-84d9-40ca-9c07-7ce88984fc94", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String" - } - }, { - "id" : "56f89059-4148-4da4-93b9-1bbc6ac46582", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "multivalued" : "true", - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String" - } - }, { - "id" : "f7236b18-36b1-4399-9c97-ddf91eba416c", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "0a990de4-2a3e-4f1e-99d4-bcb537a3f075", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" + { + "id": "2777a201-b799-4f0d-8544-759e3aef5454", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, 
+ { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "349bab94-cc2b-4eb7-ac79-feff39fedb23", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "b2b378a9-9281-425e-a999-8dd83c13c2a3", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" + { + "id": "7f527e1a-3f5f-4a39-80b3-ad3fe110db15", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] }, - "protocolMappers" : [ { - "id" : "b415ee06-6f2b-445e-b199-4d2a2922517f", - "name" : "allowed web origins", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "access.token.claim" : "true" + { + "id": "c9a052b6-28c6-4b13-8bc3-12958bbe0a68", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "b0b50f78-9a3b-4f03-a9bf-07ac56f2ebac", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" } - } ] - }, { - "id" : "1a2dc2f6-541a-4193-98e4-e5fade1d5aa1", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" }, - "protocolMappers" : [ { - "id" : "55dca1fe-9de3-424e-9436-0b14f467278a", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "33d86ba4-b262-4ce2-a799-46295ad42e4b", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "introspection.token.claim" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - 
"claim.name" : "email", - "jsonType.label" : "String" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "referrerPolicy" : "no-referrer", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "d76d70d8-c946-40ef-bc18-3ca80ea8b781", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper" ] - } - }, { - "id" : "401f7a9a-dd5e-488c-b0a5-54c57eda7c20", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "a4f879fb-d9dc-44ff-b1c9-4d8348661e0f", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ 
"oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper" ] - } - }, { - "id" : "ab7c9148-c423-4d14-bbba-855f66b42f0b", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] + { + "id": "c972ed55-c8f6-426f-965c-1267dc1f68a9", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" } - }, { - "id" : "ab28a974-5033-4cfb-afc5-4d97eaa77d60", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "c9ef1ede-c8c2-4e8e-b642-9c9e845e2934", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "09209618-692e-4096-95a2-4a05fbe1e9b7", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "926a494c-2953-4438-ad8d-317e8bf3295a", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "333de0f6-bb1c-4238-a1dd-e43b65a09581", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "ec612b91-0743-4a46-ae8c-33eac6d2789e" ], - "secret" : [ "nFxwBormOnVZmZD-ke6celfilCz3_8FH2aJjkAcrjD2Mf2bCToWHfw9UotBDSVAvzFSe48xsFQPcH0RhJuXy5Q" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : 
"8885abef-6d08-4b9a-86b1-58700debad31", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "212a094b-5982-4d80-abc1-3ab1c01c9e7a" ], - "secret" : [ "-lwEU7xr0Fwvf98NT2hpIw" ], - "priority" : [ "100" ] - } - }, { - "id" : "b7928cd4-b13c-4f0b-a074-bee92efdc238", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - }, { - "id" : "52e8f54c-3d85-4ab5-8e9b-c9b231f724dc", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "SIG" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "e96cceac-cf11-4d11-9e88-0aec7405aa8e", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "e283ea4e-cefe-45e0-8063-38a50e8f5ac9", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the 
authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "0effd347-2f02-4f54-bec1-d61640f78411", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "560c1aae-603f-43a2-a282-3b26e34ca7da", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "e89c4fb9-7cb9-4a5e-9ca0-d615e3963a99", - "alias" : "Handle Existing Account", - "description" : "Handle what to 
do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "476f2bb6-dff6-4a7e-ad8f-0aa5672ea776", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "43cfa637-9f21-4fbf-8387-0b0535517820", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : 
"2534f882-aff2-4827-ab22-a71800060e1f", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "ed2d0ead-7b18-45c2-a0ab-298b355d02c7", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "b33f293a-4f51-4d38-ab7f-543ed1dc71bf", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - 
"autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "fe59c24c-7322-4e67-9e82-be0023ab2889", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "9bb58e30-8fa6-4ea0-9065-ce61c02ba00d", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "42f4d6fb-7a7d-45bc-97be-5a0948d88945", - "alias" : 
"first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : "4d3d0525-0333-43e8-be62-8fec05753aa3", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "72715113-db54-4ba0-89c0-85422e552a58", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "2777a201-b799-4f0d-8544-759e3aef5454", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - 
"authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "7f527e1a-3f5f-4a39-80b3-ad3fe110db15", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "c9a052b6-28c6-4b13-8bc3-12958bbe0a68", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : 
false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "b0b50f78-9a3b-4f03-a9bf-07ac56f2ebac", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" } - }, { - "id" : "c972ed55-c8f6-426f-965c-1267dc1f68a9", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + 
}, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "TERMS_AND_CONDITIONS", - "name" : "Terms and Conditions", - "providerId" : "TERMS_AND_CONDITIONS", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "webauthn-register", - "name" : "Webauthn Register", - "providerId" : "webauthn-register", - "enabled" : true, - "defaultAction" : false, - "priority" : 70, - "config" : { } - }, { - "alias" : "webauthn-register-passwordless", - "name" : "Webauthn Register Passwordless", - "providerId" : "webauthn-register-passwordless", - "enabled" : true, - "defaultAction" : false, - "priority" : 80, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - 
"registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaAuthRequestedUserHint" : "login_hint", - "clientOfflineSessionMaxLifespan" : "0", - "oauth2DevicePollingInterval" : "5", - "clientSessionIdleTimeout" : "0", - "clientOfflineSessionIdleTimeout" : "0", - "cibaInterval" : "5", - "realmReusableOtpCode" : "false", - "cibaExpiresIn" : "120", - "oauth2DeviceCodeLifespan" : "600", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", - "frontendUrl" : "", - "acr.loa.map" : "{}" + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "frontendUrl": "", + "acr.loa.map": "{}" }, - "keycloakVersion" : "23.0.4", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] + "keycloakVersion": "23.0.4", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] }, - "clientPolicies" : { - "policies" : [ ] + "clientPolicies": { + "policies": [] } -} \ No newline at end of file +} diff --git a/labs/3-Add-Identity/src/eShop.AppHost/eShop.AppHost.csproj b/labs/3-Add-Identity/src/eShop.AppHost/eShop.AppHost.csproj index 12f452e..7858fe0 100644 
--- a/labs/3-Add-Identity/src/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/3-Add-Identity/src/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 diff --git a/labs/4-Add-Shopping-Basket/README.md b/labs/4-Add-Shopping-Basket/README.md index d8af7fc..aaf9045 100644 --- a/labs/4-Add-Shopping-Basket/README.md +++ b/labs/4-Add-Shopping-Basket/README.md @@ -52,7 +52,7 @@ In previous labs, we have created a web site that shoppers can use to browser a ```csharp // Force HTTPS profile for web app (required for OIDC operations) - var webApp = builder.AddProject("webapp", launchProfileName: "https") + var webApp = builder.AddProject("webapp") .WithReference(catalogApi) .WithReference(basketApi) // <--- Add this line .WithReference(idp); diff --git a/labs/4-Add-Shopping-Basket/end/Keycloak/data/import/eshop-realm.json b/labs/4-Add-Shopping-Basket/end/Keycloak/data/import/eshop-realm.json index 68ecb7e..796fcb1 100644 --- a/labs/4-Add-Shopping-Basket/end/Keycloak/data/import/eshop-realm.json +++ b/labs/4-Add-Shopping-Basket/end/Keycloak/data/import/eshop-realm.json @@ -1,4 +1,4 @@ -{ +"${WEBAPP_CLIENT_SECRET}","${WEBAPP_CLIENT_SECRET}",{ "id" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", "realm" : "eShop", "displayName" : "", diff --git a/labs/4-Add-Shopping-Basket/end/eShop.AppHost/Program.cs b/labs/4-Add-Shopping-Basket/end/eShop.AppHost/Program.cs index 4e0016b..f528e7f 100644 --- a/labs/4-Add-Shopping-Basket/end/eShop.AppHost/Program.cs +++ b/labs/4-Add-Shopping-Basket/end/eShop.AppHost/Program.cs 
@@ -28,18 +28,27 @@ // Apps // Force HTTPS profile for web app (required for OIDC operations) -var webApp = builder.AddProject("webapp", launchProfileName: "https") +var webApp = builder.AddProject("webapp") .WithReference(catalogApi) .WithReference(basketApi) - .WithReference(idp); + .WithReference(idp, env: "Identity__ClientSecret"); // Inject the project URLs for Keycloak realm configuration var webAppHttp = webApp.GetEndpoint("http"); var webAppHttps = webApp.GetEndpoint("https"); idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST", webAppHttp); -idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); idp.WithEnvironment("WEBAPP_HTTP", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); -idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +if (webAppHttps.Exists) +{ + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +} +else +{ + // Still need to set these environment variables so the KeyCloak realm import doesn't fail + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttp); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); +} // Inject assigned URLs for Catalog API catalogApi.WithEnvironment("CatalogOptions__PicBaseAddress", catalogApi.GetEndpoint("http")); diff --git a/labs/4-Add-Shopping-Basket/end/eShop.AppHost/eShop.AppHost.csproj b/labs/4-Add-Shopping-Basket/end/eShop.AppHost/eShop.AppHost.csproj index a83e7dd..cee8083 100644 --- a/labs/4-Add-Shopping-Basket/end/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/4-Add-Shopping-Basket/end/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 
diff --git a/labs/4-Add-Shopping-Basket/src/Keycloak/data/import/eshop-realm.json b/labs/4-Add-Shopping-Basket/src/Keycloak/data/import/eshop-realm.json index 68ecb7e..796fcb1 100644 --- a/labs/4-Add-Shopping-Basket/src/Keycloak/data/import/eshop-realm.json +++ b/labs/4-Add-Shopping-Basket/src/Keycloak/data/import/eshop-realm.json @@ -1,4 +1,4 @@ -{ +"${WEBAPP_CLIENT_SECRET}","${WEBAPP_CLIENT_SECRET}",{ "id" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", "realm" : "eShop", "displayName" : "", diff --git a/labs/4-Add-Shopping-Basket/src/eShop.AppHost/Program.cs b/labs/4-Add-Shopping-Basket/src/eShop.AppHost/Program.cs index f05ab87..479f0a8 100644 --- a/labs/4-Add-Shopping-Basket/src/eShop.AppHost/Program.cs +++ b/labs/4-Add-Shopping-Basket/src/eShop.AppHost/Program.cs 
@@ -25,17 +25,26 @@ // Apps // Force HTTPS profile for web app (required for OIDC operations) -var webApp = builder.AddProject("webapp", launchProfileName: "https") +var webApp = builder.AddProject("webapp") .WithReference(catalogApi) - .WithReference(idp); + .WithReference(idp, env: "Identity__ClientSecret"); // Inject the project URLs for Keycloak realm configuration var webAppHttp = webApp.GetEndpoint("http"); var webAppHttps = webApp.GetEndpoint("https"); idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST", webAppHttp); -idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); idp.WithEnvironment("WEBAPP_HTTP", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); -idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +if (webAppHttps.Exists) +{ + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +} +else +{ + // Still need to set these environment variables so the KeyCloak realm import doesn't fail + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttp); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); +} // Inject assigned URLs for Catalog API catalogApi.WithEnvironment("CatalogOptions__PicBaseAddress", catalogApi.GetEndpoint("http")); diff --git a/labs/4-Add-Shopping-Basket/src/eShop.AppHost/eShop.AppHost.csproj b/labs/4-Add-Shopping-Basket/src/eShop.AppHost/eShop.AppHost.csproj index 12f452e..7858fe0 100644 --- a/labs/4-Add-Shopping-Basket/src/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/4-Add-Shopping-Basket/src/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 diff --git a/labs/5-Add-Checkout/end/Keycloak/data/import/eshop-realm.json b/labs/5-Add-Checkout/end/Keycloak/data/import/eshop-realm.json index 68ecb7e..796fcb1 100644 
--- a/labs/5-Add-Checkout/end/Keycloak/data/import/eshop-realm.json +++ b/labs/5-Add-Checkout/end/Keycloak/data/import/eshop-realm.json @@ -1,4 +1,4 @@ -{ +"${WEBAPP_CLIENT_SECRET}","${WEBAPP_CLIENT_SECRET}",{ "id" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", "realm" : "eShop", "displayName" : "", diff --git a/labs/5-Add-Checkout/end/eShop.AppHost/Program.cs b/labs/5-Add-Checkout/end/eShop.AppHost/Program.cs index 93663df..c0b6229 100644 --- a/labs/5-Add-Checkout/end/eShop.AppHost/Program.cs +++ b/labs/5-Add-Checkout/end/eShop.AppHost/Program.cs 
@@ -38,19 +38,27 @@ // Apps // Force HTTPS profile for web app (required for OIDC operations) -var webApp = builder.AddProject("webapp", launchProfileName: "https") +var webApp = builder.AddProject("webapp") .WithReference(basketApi) .WithReference(catalogApi) - .WithReference(idp); + .WithReference(idp, env: "Identity__ClientSecret"); // Inject the project URLs for Keycloak realm configuration var webAppHttp = webApp.GetEndpoint("http"); var webAppHttps = webApp.GetEndpoint("https"); idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST", webAppHttp); -idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); idp.WithEnvironment("WEBAPP_HTTP", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); -idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); -idp.WithEnvironment("ORDERINGAPI_HTTP", orderingApi.GetEndpoint("http")); +if (webAppHttps.Exists) +{ + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +} +else +{ + // Still need to set these environment variables so the KeyCloak realm import doesn't fail + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttp); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); +} // Inject assigned URLs for Catalog API catalogApi.WithEnvironment("CatalogOptions__PicBaseAddress", catalogApi.GetEndpoint("http")); diff --git a/labs/5-Add-Checkout/end/eShop.AppHost/eShop.AppHost.csproj b/labs/5-Add-Checkout/end/eShop.AppHost/eShop.AppHost.csproj index d47288f..5223cfd 100644 --- a/labs/5-Add-Checkout/end/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/5-Add-Checkout/end/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 
diff --git a/labs/5-Add-Checkout/src/Keycloak/data/import/eshop-realm.json b/labs/5-Add-Checkout/src/Keycloak/data/import/eshop-realm.json index 68ecb7e..796fcb1 100644 --- a/labs/5-Add-Checkout/src/Keycloak/data/import/eshop-realm.json +++ b/labs/5-Add-Checkout/src/Keycloak/data/import/eshop-realm.json @@ -1,4 +1,4 @@ -{ +"${WEBAPP_CLIENT_SECRET}","${WEBAPP_CLIENT_SECRET}",{ "id" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", "realm" : "eShop", "displayName" : "", diff --git a/labs/5-Add-Checkout/src/eShop.AppHost/Program.cs b/labs/5-Add-Checkout/src/eShop.AppHost/Program.cs index 4fccff4..8d3429f 100644 --- a/labs/5-Add-Checkout/src/eShop.AppHost/Program.cs +++ b/labs/5-Add-Checkout/src/eShop.AppHost/Program.cs 
@@ -34,18 +34,27 @@ // Apps // Force HTTPS profile for web app (required for OIDC operations) -var webApp = builder.AddProject("webapp", launchProfileName: "https") +var webApp = builder.AddProject("webapp") .WithReference(basketApi) .WithReference(catalogApi) - .WithReference(idp); + .WithReference(idp, env: "Identity__ClientSecret"); // Inject the project URLs for Keycloak realm configuration var webAppHttp = webApp.GetEndpoint("http"); var webAppHttps = webApp.GetEndpoint("https"); idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST", webAppHttp); -idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); idp.WithEnvironment("WEBAPP_HTTP", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); -idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +if (webAppHttps.Exists) +{ + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +} +else +{ + // Still need to set these environment variables so the KeyCloak realm import doesn't fail + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttp); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); +} idp.WithEnvironment("ORDERINGAPI_HTTP", () => "http://placeholder-for-ordering-api"); // Inject assigned URLs for Catalog API diff --git a/labs/5-Add-Checkout/src/eShop.AppHost/eShop.AppHost.csproj b/labs/5-Add-Checkout/src/eShop.AppHost/eShop.AppHost.csproj index d0b1bc6..65db870 100644 --- a/labs/5-Add-Checkout/src/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/5-Add-Checkout/src/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 diff --git a/labs/6-Add-Resiliency/src/Keycloak/data/import/eshop-realm.json b/labs/6-Add-Resiliency/src/Keycloak/data/import/eshop-realm.json index 68ecb7e..796fcb1 100644 
--- a/labs/6-Add-Resiliency/src/Keycloak/data/import/eshop-realm.json +++ b/labs/6-Add-Resiliency/src/Keycloak/data/import/eshop-realm.json @@ -1,4 +1,4 @@ -{ +"${WEBAPP_CLIENT_SECRET}","${WEBAPP_CLIENT_SECRET}",{ "id" : "e3a46e00-f700-4eaa-b1d3-6aad1045be73", "realm" : "eShop", "displayName" : "", diff --git a/labs/6-Add-Resiliency/src/eShop.AppHost/Program.cs b/labs/6-Add-Resiliency/src/eShop.AppHost/Program.cs index 0f2560a..e076d8d 100644 --- a/labs/6-Add-Resiliency/src/eShop.AppHost/Program.cs +++ b/labs/6-Add-Resiliency/src/eShop.AppHost/Program.cs 
@@ -38,19 +38,28 @@ // Apps // Force HTTPS profile for web app (required for OIDC operations) -var webApp = builder.AddProject("webapp", launchProfileName: "https") +var webApp = builder.AddProject("webapp") .WithReference(basketApi) .WithReference(catalogApi) .WithReference(orderingApi) - .WithReference(idp); + .WithReference(idp, env: "Identity__ClientSecret"); // Inject the project URLs for Keycloak realm configuration var webAppHttp = webApp.GetEndpoint("http"); var webAppHttps = webApp.GetEndpoint("https"); idp.WithEnvironment("WEBAPP_HTTP_CONTAINERHOST", webAppHttp); -idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); idp.WithEnvironment("WEBAPP_HTTP", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); -idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +if (webAppHttps.Exists) +{ + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttps); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttps.Scheme}://{webAppHttps.Host}:{webAppHttps.Port}"); +} +else +{ + // Still need to set these environment variables so the KeyCloak realm import doesn't fail + idp.WithEnvironment("WEBAPP_HTTPS_CONTAINERHOST", webAppHttp); + idp.WithEnvironment("WEBAPP_HTTPS", () => $"{webAppHttp.Scheme}://{webAppHttp.Host}:{webAppHttp.Port}"); +} idp.WithEnvironment("ORDERINGAPI_HTTP", orderingApi.GetEndpoint("http")); // Inject assigned URLs for Catalog API diff --git a/labs/6-Add-Resiliency/src/eShop.AppHost/eShop.AppHost.csproj b/labs/6-Add-Resiliency/src/eShop.AppHost/eShop.AppHost.csproj index d47288f..5223cfd 100644 --- a/labs/6-Add-Resiliency/src/eShop.AppHost/eShop.AppHost.csproj +++ b/labs/6-Add-Resiliency/src/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8 diff --git a/src/eShop.AppHost/eShop.AppHost.csproj b/src/eShop.AppHost/eShop.AppHost.csproj index d47288f..5223cfd 100644 --- a/src/eShop.AppHost/eShop.AppHost.csproj 
+++ b/src/eShop.AppHost/eShop.AppHost.csproj @@ -6,7 +6,6 @@ enable true false - b99dbce4-17d4-41d2-858a-2b0529d60bb8
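Review bot: The realm export hunk that ends at `"keycloakVersion": "23.0.4"` rewrites `requiredActions`, the flow bindings and `attributes` with identical values and only different spacing (`"alias" : "CONFIGURE_TOTP"` becomes `"alias": "CONFIGURE_TOTP"`), so any real change to the identity configuration is buried in formatting churn. Please split the reformat (and the added trailing newline) into its own commit so the diff of this file shows only the settings that actually changed, such as client secrets or redirect URIs.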
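Review bot: In the `eshop-realm.json` hunks for labs 4, 5 and 6 (`@@ -1,4 +1,4 @@`), the opening `{` is replaced by `"${WEBAPP_CLIENT_SECRET}","${WEBAPP_CLIENT_SECRET}",{`, which places two string literals and a comma ahead of the root object, so the file is no longer a valid JSON document. This looks like a stray paste or search-and-replace; restore the first line to `{` and keep the `${WEBAPP_CLIENT_SECRET}` token only where the client secret value belongs inside the object. All five copies show the same blob change (`68ecb7e..796fcb1`), so each needs the same correction.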
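Review bot: The `else` branch in the labs/4 `end/eShop.AppHost/Program.cs` hunk (`@@ -28,18 +28,27 @@`) sets `WEBAPP_HTTPS` and `WEBAPP_HTTPS_CONTAINERHOST` to the `http` endpoint, so whenever `webAppHttps.Exists` is false the Keycloak realm is configured with plain-HTTP URLs for the web app and nothing tells the developer that happened. The unchanged comment `// Force HTTPS profile for web app (required for OIDC operations)` now contradicts the code, since `launchProfileName: "https"` is removed; the labs/4 README snippet keeps the same stale comment. Suggest updating the comment, stating in the fallback that it is for local runs without an HTTPS profile, and logging a warning (or failing) when the HTTPS endpoint is missing. The new `.WithReference(idp, env: "Identity__ClientSecret")` call also deserves a short comment saying where the secret value comes from. The same pattern repeats in the other `Program.cs` hunks of this patch.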
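Review bot: The labs/5 `end/eShop.AppHost/Program.cs` hunk (`@@ -38,19 +38,27 @@`) removes `idp.WithEnvironment("ORDERINGAPI_HTTP", orderingApi.GetEndpoint("http"));` and does not add it back, while the labs/5 `src` and labs/6 hunks keep an `ORDERINGAPI_HTTP` line as unchanged context. Given the new comment that these variables must be set "so the KeyCloak realm import doesn't fail", dropping this one in the finished lab looks unintentional. Please confirm it is set elsewhere in the file or restore the line after the `if`/`else` block.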